Privacy Policy

Last updated: March 31, 2026

Introduction

Skopos, Inc. (“Skopos”, “we”, “us”, or “our”) operates the Skopos vendor risk management platform. This Privacy Policy explains how we collect, use, store, and share information when you use our platform, visit our website, or otherwise interact with our services.

Information We Collect

We collect the following categories of information:

• Account information — your name, email address, organization name, and role within your organization.
• Vendor risk data — questionnaire responses, risk assessments, evidence documents, and other materials uploaded by clients in the course of vendor reviews.
• Usage analytics — information about how you interact with the platform, including pages visited, features used, and actions taken.
• Device and browser information — IP address, browser type and version, operating system, and device identifiers.
• Cookies and similar technologies — see our Cookie Policy for details.

How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the Skopos Platform.
• Authenticate users and manage access controls.
• Process vendor assessments and generate risk reports.
• Communicate with you about your account, platform updates, and support requests.
• Monitor platform usage for security and performance purposes.
• Comply with applicable legal obligations.

Data Storage and Security

We take the security of your data seriously. Our infrastructure and practices include:

• Data is hosted on Amazon Web Services (AWS) in United States regions.
• All data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher.
• Multi-tenant architecture with strict data isolation enforced through tenant-level scoping on every database query.
• Regular penetration testing and security assessments conducted by independent third parties.
• Active SOC 2 Type II compliance program with annual audits.

Data Sharing

We do not sell your personal information or your clients' data. We share information only in the following circumstances:

• Sub-processors — we use trusted third-party services to operate the platform, including AWS (infrastructure), Stripe (payment processing), SendGrid (transactional email), and Mixpanel (product analytics).
• Legal requirements — when required by law, regulation, legal process, or enforceable governmental request.
• With your consent — when you have given explicit consent to share specific information.

A complete list of sub-processors is available upon request by contacting privacy@skopos.com.

Data Retention

We retain your data for the duration of your active subscription plus 90 days following termination or expiration. Audit logs are retained for 7 years to meet regulatory and compliance requirements. You may request deletion of your data at any time, subject to any legal retention obligations that may apply.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access — request a copy of the personal information we hold about you.
• Correction — request that we correct inaccurate or incomplete information.
• Deletion — request that we delete your personal information.
• Portability — request a machine-readable copy of your data.
• Restriction of processing — request that we limit how we use your data.
• Objection — object to our processing of your personal information.

For EU data subjects (GDPR): You have additional rights under the General Data Protection Regulation, including the right to lodge a complaint with your local supervisory authority.

For California residents (CCPA): You have the right to know what personal information is collected, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information.

International Transfers

Your data is processed and stored in the United States. If you are located outside the United States, your information will be transferred to and processed in the US. For transfers from the European Economic Area, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to provide appropriate safeguards. Copies of our SCCs are available upon request.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. If we make material changes, we will notify you via email or through an in-app notification prior to the changes taking effect. We encourage you to review this policy periodically.

Contact Us

If you have questions about this Privacy Policy or wish to exercise any of your rights, please contact us at:

privacy@skopos.com
Skopos, Inc.
Austin, TX